W dniu 15.01.2024 o 05:16, Phil Smith III pisze:
Steve Estle wrote, in part:
but we'd like to encrypt as much as possible in our environment
Why? What problem are you trying to solve? Remember that DSE provides
protection against exactly two attacks:
1) Someone getting at the wire between the array and the CEC
For that purpose IBM implemented FICON channel encryption.
Whole transmission can be encrypted, whether it is business data or just
ICKDSF command.
2) Rogue storage admin
IMHO that's one of the most important reasons.
STGADMIN profiles mitigate the problem, but there is also DASD access
from another LPAR and another security rules.
--
Radoslaw Skorupka
Lodz, Poland
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
